News and information on the misuse of technology for political reasons.
Politically motivated computer crime covers a wide range of activity promoting the objectives of individuals, groups or nations supporting a variety of causes such as anti-globalization, trans-national conflicts and protest.

Friday, May 09, 2008

In a textbook example of the difficulties in determining the true source and motive behind online attacks, there are several reports coming from Korea concerning the arrest of Chinese and Korean nationals involved in online identity thefts. In this case, the original attacks were attributed to Chinese 'hackers' attacking Korean systems for political reasons. This was because the attacks appeared to originate in China and the software used in the attack had an anti-Korean title.

However, in this case, it appears that Korean criminals involved in online identity thefts were using Chinese 'hackers' to gather the information for fraud:

"...Chinese hackers who claim there is something of a black market for Korean personal information in China. They say Koreans hire Chinese hackers to break into sites to get information, which is then handed over and sold in Korea."

"...the vice head of PR for “Auction” [eBay's Korean subsidiary] said on CBS radio last month that the hacking program employed in the attack was named “Fuck KR,” leading at the time to speculation that the attack was anti-Korean in nature."

This case demonstrated three important issues in analyzing politically motivated computer crimes (or any other computer crime):

1. Most attackers use a chain of connections between themselves and their target. Inexperienced investigators are often misled when they attribute the attack to the most immediate link. (This is not a new phenomenon and has been employed for over 20 years by 'hackers'. See "International Intrusions: Patterns and Motives", specifically section 3, Intrusion Patterns and Dynamics, for a discussion on how this technique was used in the 1980s and 1990s.)

2. 'Hackers' can be manipulated by more criminal elements, thus disguising the actual motive behind the attack.

3. Motive is very difficult to determine in online attacks. There are many cases of politically motivated computer crimes disguised as fraud or other types of attacks, and also attacks (such as this example) where the motive is disguised as political. Another good example of this is the 'WANK' worm released in 1989:

Too often the source and motives behind attacks are attributed with little information or based on assumptions. This is inadequate when discussing cyberwar and when governments and corporations are considering online retaliation. Investigators and security professionals need better skills in determining actual sources and motives behind computer crimes - political or otherwise.

Also see Analyzing Goggle Attacks - Plenty of Room for Error

About Kent Anderson

Kent Anderson has more than 24 years of experience in security and is Managing Director of Encurve, LLC.
Mr. Anderson is a recognized expert on security and politically motivated computer crime and has been quoted by numerous publications including the Washington Post, WSJ, CNN, AP, Reuters, USA Today, LA Business Daily, Singapore Business Times, Danish National Radio and the BBC.
He has held positions as Senior VP of IT Security and Investigations with an international risk consultancy, as Director of Analysis & Investigations with PwC and as the European Info Security Manager for Digital Equipment Corporation.
He has provided assistance to law enforcement and government agencies including the FBI, US Secret Service, DoD, DoJ, FLETC, Scotland Yard, The German BKA, the Russian MVD and Norwegian, Danish and Swiss police. He provided consulting to OECD on international harmonization of computer crime laws and the British Parliament on the development of the UK’s Computer Misuse Act.
Mr. Anderson is a Certified Information Security Manager. He has served on Motorola’s Research Visionary Board for Security, and ISACA’s Security Management Advisory Board.